o 

CT>N 

CM 



CO 
>- 
CO 

o 



< 
or 

LU 
Q_ 

o 



CM 



CO 
CD 



CO 



CM 

CD 



o 

CD 
CM 



O 
CM 



o 

CO 
CM 



S5 




C£ 




< 












o 








LU °l 




Q 




LU 








o 




CO 









LU 

o 

>: 
S' 

LU 
0£ 
ZD 

CO 



2 

— J 
CL 



LU 

LU 
CL 
O 



LU 
_l 
CL 
CL 

CO 
LU 
CO 

O 





ml 
cm! 

O 



LU 
CL 



LU 

LU 
_l 
CL 
CL 
Z> 
CO 
LU 
CL 



EST 




ER 


LL 




LL 






\— 


< 






LU 




IDE 


CL 




LU 






CL 



tug 
Lu ^ y 




o 

CM 



1 



CM 



LU 



LU 
Q 
O 
O 
CL 



o 
o 

CD 



£ _l oo 
O 



or 
o 



CO 
LU 

CL 



CM 




PARAMETER BLOCK 
242 



PE210 



PE MANIFEST 222 



PE IDENTIFIER. 
224 

PE 

. SUPPLEMENT 

\ 220 
PE 

MEMORY 

215 



PK 
260 



* — ► 



1 



PE 
LOADER 
310 



ISOLATED 
MEMORY 
AREA 70 



LOADED 
PE MANIFEST 
322 



o — ► 



PE MANIFEST 
VERIFIER 
320 



PE VERIFIER 

m 



CONSTANT 355 



CONSTANT DERIVER 
35J) 



<> — ► 



PE KEY GENERATOR 


360 




PE KEY COMBINER 






364 





FIG. 3 



PE ENTRANCE/EXIT 
HANDLER 3_fifi 



LOADED 
PE 
312 



PE 
ERROR 
GENERATOR 
340 



PE KEY 365 




STORAGE 
* IN CHIPSET 
(EG., ICH) 375 



APPLICATION _ 
MODULE 512 

APPLET 
MODULE 514 

SUPPORT - 
MODULE 516 



APPLET 
IDENTIFIER 
518 - 



OSE KEY 465 ■ 



510 



270 



MODULE 
LOADER 

AND 
EVICTOR 



5 



ISOLATED 
MEMORY 
AREA 

zo 



PAGE 
MANAGER 
520. 



INTERFACE 
HANDLER 
530 



SUBSET 
IN OS 295 



KEY BINDER AND UNBINDER 
/"542 



APPLET KEY 
GENERATOR 



APPLET KEY 
COMBINER 



544 



540 



APPLET 
-► KEY 
545 



SCHEDULER 
AND BALANCER 



INTERRUPT 
HANDLER 



550 



560 



FIG. 5 



700 



("start) 



BOOT UP PLATFORM FOLLOWING POWER-ON 



HANDLE A PROCESSOR EXECUTIVE (PE) 
USING PLATFORM KEY AND PE SUPPLEMENT 



T 



HANDLE AN OPERATING SYSTEM EXECUTIVE (OSE) 
IN A SECURE ENVIRONMENT 




r 


MANAGE A SUBSET OF AN OPERATING SYSTEM (OS) 
RUNNING ON PLATFORM 




r 



730 



740 



T 



FIG. 7 



( START ) 



720 



LOAD PE AND PE SUPPLEMENT FROM A PE MEMORY 
INTO ISOLATED MEMORY AREA USING PARAMETER 
BLOCK PROVIDED BY BOOT UP CODE 



1010 



NO 



is- 10,5 

LOADED PE^ 
MANIFEST SAME 

AS ORIGINAL 
.PE MANIFEST?^ 



YES 

1025 

DOES 
LOADED PE 
HAVE THE SAME MANIFEST 

AS LOADED PE ^ NO 
MANIFEST? 



1020 



GENERATE FAILURE/FAULT 
CONDITION AND/OR 
ERROR CODE 



YES 



GENERATE PE KEY USING PLATFORM KEY 

I " 



LOG PE IDENTIFIER IN A STORAGE 



1030 



1035 



CHANGE ENTRY POINT IN CONFIGURATION BUFFER 



1040 



RETURN TO BOOT UP CODE 



1045 



( END ) 



FIG. 10 



